Wednesday, 1 October 2014

Linux iptables firewalling rules for use with Data Protector

Do you have a special "backup" network? If it's accessible on (say) eth1, then:

iptables -I INPUT -p tcp -i eth1 --dport 5555 -j ACCEPT

Or, if you want to restrict a client so that it only receives connections from the cell manager (if the cell manager has an IP address of 192.168.200.100):

iptables -I INPUT -p tcp -s 192.168.200.100 --dport 5555 -j ACCEPT

You could get the same effect by adding an only_from parameter in /etc/xinetd.d/omni or by turning on cell security.
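An ACCEPT rule limited to the cell manager only restricts access when other traffic to port 5555 is dropped, either by a later rule in the INPUT chain or by its policy. The shell functions below are an added example, not part of the original post: they validate their arguments and print (without applying) the ACCEPT rule followed by an explicit DROP, so the pair can be reviewed first. The names `is_ipv4` and `dp_client_rules` and the DROP rule itself are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print, without applying, the
# iptables rules that limit the Data Protector port to the cell manager.
# Port 5555 comes from the post; the DROP rule and function names are assumptions.
DP_PORT=5555

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
# Rejecting everything else keeps stray options or shell syntax out of the rules.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for one client.
# $1 = cell manager IP, $2 = optional interface (e.g. the backup network NIC).
dp_client_rules() {
    is_ipv4 "$1" || { echo "invalid cell manager address: $1" >&2; return 1; }
    in_if=""
    if [ -n "${2:-}" ]; then
        case "$2" in
            *[!A-Za-z0-9._-]*) echo "invalid interface: $2" >&2; return 1 ;;
        esac
        in_if=" -i $2"
    fi
    # Position 1: allow the cell manager. Position 2: drop everyone else,
    # which is what makes the restriction real when the INPUT policy is ACCEPT.
    # With an interface given, other interfaces are left to the rest of the ruleset.
    echo "iptables -I INPUT 1 -p tcp${in_if} -s $1 --dport $DP_PORT -j ACCEPT"
    echo "iptables -I INPUT 2 -p tcp${in_if} --dport $DP_PORT -j DROP"
}
```

Review the printed rules, then apply them as root, for example with `dp_client_rules 192.168.200.100 | sh`.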

If the client also has tape drives (or the robotic control for a tape library) attached then you will need to open up a range of port numbers. Here I've allowed 10 concurrent connections, which would be appropriate for a 9-drive tape library with a robotic controller:

Greg Baker is an independent consultant who happens to do a lot of work on HP DataProtector. He is the author of the only published books on HP Data Protector (http://x.ifost.org.au/dp-book). He works with HP and HP partner companies to solve the hardest big-data problems (especially around backup). See more at IFOST's DataProtector pages at http://www.ifost.org.au/dataprotector